Sunday, December 28, 2014

Deceitful, arrogant, insincere. These are just some of the words I would use to describe Comcast customer service. It seems like every week I read about someone with a horrible experience with Comcast. the senior management apologizes and re-iterates how much it needs to change. Nothing changes, and if anything, they are much worse. I've been reading these stories for years and I'm convinced that insincerity goes right to the top. They say "we need to do better" and then wait for the furor to die down.

Unfortunately, our story is fairly common, and from what I can tell from talking to others, here is the basic formula of how they maximize their profits day to day.

1. Comcast overcharges you. For a while you pay it, but it bugs you.

2. You call them up, and instantly hit barriers. They say "sorry, but our system can't do that" when it can. They say "we'll have our supervisor call you" and the call goes straight to voice mail. Sometimes a "Quality Assurance" supervisor calls you to ask how your talk with the imaginary supervisor went, at which point the original supervisor claims they tried to call you and you didn't answer.

3. Congratulations! You made it past the first few barriers. It is now more expensive for them to keep taking your calls than it is to actually fix your problem--you know, the one where they overcharge you ever month no matter what you do. They've tried to wear you down, and for most people this is where it ends: with the realization that you need Internet access and you're not going to call and cancel because they've made sure that there's no competition in your area.

4. So, now their tactics switch. They've tried to wear you down and found you to be tenacious and resilient. Now they start what I call the "bullshit phase" where they just admit their mistakes and tell you that their on it, and to check next month's bill to make sure everything is fixed to your satisfaction.

5. Except they didn't fix your problem, and if you're very unlucky, your bill could've even gone up. At this point they are admitting their mistakes, except the process of fixing your mistakes creates more mistakes and either another loop through the imaginary supervisor queue, or a real supervisor says "oh gosh" and promptly fixes your mistake for real this time.

Conclusions

There's a word for a group of people who continually try to take money which isn't theirs and then drag their feet when it comes time to paying it back: swindlers. We have been an uninterrupted customer of Comcast for over 10 years, and in that time they have never once had our billing right. We've had years go by where we just didn't have the energy to call every day and fight with them. They admitted they overcharged us for years and then ... wait for it ... gave us free HBO for a year after a week on the phone.

As a technologist, I absolutely need a fast Internet connection day-to-day, so I am at their mercy and they know it. The big incumbent carriers out there like Comcast are lobbying for laws to throw the consumers under the bus and eliminate what little competition they have.

This is why I say that Comcast is an abomination in every sense of the word. The world is a worse place with Comcast in it. Like some of the big banks, they tend to screw over the customers who can least afford their service. And for what? To please the stockholders?

Tuesday, November 25, 2014

Today I can no longer connect to nbcnews.com. Since NBC is owned by Microsoft, my theory is that their servers are running old versions of Windows Vista. For years I kept my home page set to MSN, until it became a platform to push Bing down everyone's throats. Then I switched to CNN, didn't like it and then finally switched to NBC News home page.

Tuesday, November 18, 2014

SSL encryption on the web has turned into an orgy of corporate influence and government interference. To enable the secure HTTPS protocol on your web site involves paying a small fortune to a "trusted" certificate "authority" for a certificate telling the world that you are who you say you are on the web.

Not only are they a scam that you have to pay into to have a secure web site, but all CA entities are trusted equally, even though some are shady as shit. Any CA can issue a certificate for any domain, and that certificate is automatically valid because it came from a "trusted" authority. Which means that _some_shady_CA can issue a trusted certificate for google.com and that certificate automatically becomes trusted by any browser surfing to it. There have been lots of documented incidents where hackers and repressive regimes use forged certificates from a shady CA to implement man-in-the-middle attacks against users who think they are browsing securely.

What's wrong with this picture: Large corporations given these CA contracts by politicians, with every web site on earth as a captive audience are responsible for creating trust on the web.

As broken as SSL is, currently it's the only game in town. Right now the two biggest problems:

1. Cost - Certificates are priced out of what small companies and individuals with web sites can afford to pay.

2. Trust - Most trusted certificate authorities don't seem that trustworthy, even though the entire system is based on their trust, which they sell for money.

Let's Encrypt

A new Certificate Authority has been created in conjunction with the EFF (Electronic Frontier Foundation) and a few other companies that give a flying fish about our privacy. It's a short list of good guys on the Internet, and the EFF is at the top of that list.

This site when it goes live will offer SSL certificates for free! A certificate I can afford from a CA that is actually trustworthy ... it doesn't sound right, but I'm exited that this may actually come to fruition.

Assuming it goes live, now small blogs and shops like me can offer the safety of encryption without borrowing money from relatives to afford being gouged for the certificates we need to have to make it happen.

Thursday, November 13, 2014

As a guest, I wouldn't thinking of walking into someone's house and turning on their stereo. And maybe I'm a bad host, but it seems presumptuous for a web site to take it upon itself to make sounds on my speakers without my permission. I'm starting to think that these huge mega-corporations don't have very good manners. They certainly don't seemed concerned with users' bandwidth caps.

Today I finally got sick of videos I never intended to play stepping on my music or movies I watch on the computer, so I figured out how to turn this unsolicited video and sound off, but still be able to watch the video if that's what I intended.

Luckily, Google Chrome has a feature buried in its settings to restrict plugins from auto-playing media until you the user click on something.

Go into Chrome's settings screen and scroll down until you get to the Privacy section. You'll see a button labeled "Content settings." Press the button as shown below.

Then scroll down until you get to the Plug-ins section. It's probably set to "Run automatically" which makes all that crap start playing without your permission.

Change this selection to "Click to play" and click the "Done" button to save the setting.

That's it! It's buried in the settings pretty good, but it's worth the little bit of effort to find it. Now these sites won't hijack my speakers and waste my bandwidth. Some of these news sites will just start playing, sometimes after sitting there doing nothing for a period of time. The site will then start playing video until you tell it to stop, using up your device's power as well as bandwidth.

Tuesday, November 11, 2014

After having less than positive experiences with several VPN providers, it dawned on me that I was using the Google machine wrong. What I needed to be searching for was highly rated VPN providers. Even then, the reviews are all over the map. Some of these review sites seem to have a financial interest in recommending a select few providers.

Even when the review sites look legit, they all seem to recommend a completely different set of providers. So it took me quite a while to find BolehVPN, and even then I was skeptical. It's very hard to filter through all the noise, at least for VPNs.

So I signed up for a month just to try it, and everything went smoothly. They have a well written control panel that gives you full access to your account, and all the different servers and services they offer--it's all right there.

After the month was up, I purchased a two month plan. But after I paid, the control panel still told me I was expired. Most of these sites seem geared towards recurring subscriptions, which I won't do until several months without a problem, which so far hasn't happened. The problem turned out to be that when you purchase "air time," then you have to go into their web site and press a button to activate the time you just bought.

It's not very intuitive at first, but after about a year with them, I get used to activating my time every time I pay. It's actually a neat feature because you can defer activation to a later date, so for example you could pay for a couple months, realize you have to be on a plane tomorrow, and just activate it when you get back.

The security seems well done, performance is good, the service is reliable, and so far, no billing shenanigans. More than one service has done funny business with the billing cycle. So on one service I even waited until the service actually expired so they couldn't shorten the billing, but then they demanded a late fee for restoring service, which is the story of how I ended up at BolehVPN.

With about a year of smooth operation, it's almost been a dull experience compared to the other providers I tried. A couple weeks ago it stopped connecting, so I went to their web site and discovered they changed the AES key strength, and all I needed to do was go to the control panel and click the update button.

Saturday, November 8, 2014

A router uses something called NAT (network address translation) to share your public IP address (which you only get one of) with the numerous Internet-enabled devices that most people own these days. Letting many devices share a single IP address is not only convenient, but it gives you a nice bump in security.

Think of the router as a decoy for your network. The router takes all the malicious packets on itself and makes it harder to discover what the real targets are—your personal computer and other devices like phones, tablets, smart TVs, blue-ray players, etc. TCP/IP works because devices can connect directly to each other. But the router obscures the end point devices by making them non-directly-addressable. To attack something from the outside, you have to get through router’s NAT to connect directly to the computer you are trying to attack, which in practice almost never happens.

Most systems are compromised by tricking the target human into clicking on a malicious attachment or installing a malicious program thinking it’s harmless. If your system is compromised, it’s probably because the weak link was the human. This technique of tricking the humans into compromising their own systems is called ‘social engineering’ and even savvy people can fall for it. My wife even fell for a domain registration scammer trying to charge me $100 to have my domain submitted to Google, which no sysadmin on earth would fall for, but my wife almost just paid it.

The Weak Link is You

Social engineering could be anything from someone calling a company you do business with and impersonating you, to a phishing attack pretending to be your uncle Ned telling you about this great property for sale in Idaho. The same people who are suspicious of computers will tell you every password in the company if you convince them you are with the IT department and sound like you know your stuff.

So I think for security, some folks are thinking in the wrong directions. The biggest threat to your security is you. I don’t even trust attachments from my wife when I can walk downstairs and double check she sent me a link. The less sophisticated I think someone is, the less likely I am to open an attachment from that person. I have some relatives who only send me email or post to my Facebook wall when their computer is compromised and starts spamming everyone. The shady people I know usually have a better grasp on technology

Thursday, November 6, 2014

I used the TorGuard VPN service for a few months. They would send me a bill every week before it was expired. That's normal, and I usually pay bills when they come in. The problem was that they were subtracting time off my account every time I paid it early.

For example, let's say I paid it on 1/1/2103 and it was due to be renewed on 2/1/2013, which gives me a month of service. So far, so good. But then let's say they send me a bill on 1/21/2013 and I pay it on that day. Now they would show my account expiration date as 2/21/2013 and all of the sudden every time I pay a week early, I lose a week's worth of service. So in this example, I would then get a bill on 2/15/2013 telling me that my account expires on 2/21/2013 and asking me to pay a week early, and now after paying a week early two months in a row, I now get 45 days worth of service, and so on.

I'm pretty sure it's only one guy that runs this company, and if you search on sites like ripoffreport.com for this stinker of a company, you will see many rambling tirades against anyone who complains about the service. The owner is known for profanity-laden insults towards his customers.

UPDATE: Looks like I might have been the recipient of one of those insulting tirades!

I had opted out of all emails from TorGuard, but today I got an email from TorGuard support, telling me about this great new service they have. But I'm no longer a customer. In fact, I had to file a PayPal dispute to get my money back. TorGuard never responded to the PayPal dispute by the way.

So today I get an email from a company whose email I opted out of and who I had to go to PayPay to get a resolution with, using its support resolution email as a return address. Classy.

That isn't gonna happen, so naturally I replied with this:

I found it odd that the spam email they sent to me was from TorGuard support. I was no longer a customer! And true to form, they replied by opening a support ticket. At this point, all I had done was respond to spam from a company that I had a bad experience with and opted out of.

So now, with my trouble ticket generated, I waited to see what nuggets of wisdom would come from this company I had an awful experience with. And of course, they didn't disappoint!

I made a screen shot of the first comment in case the person tries to delete it after the fact. I don't know for sure it was the owner of TorGuard, as blogger.com does not give me the tools to do an IP trace (which is probably coming through a VPN anyway haha) and Google has been a good host for the blog so far. This reply is consistent with the owner's attitudes towards his customers from the stories I've read, and my own personal experience.

Also, what makes a supposedly random commentor say that my story is complete nonsense? PayPal understood what I was saying when I filed the dispute. I've been building back end commercial billing systems for decades, I've seen a couple of these companies parlay billing issues with their system into greater profits. Like "oops, we'll look into that" *wink* *wink* Math isn't that hard. Seems like a pretty simple example I made of paying for 30 days and then seeing my expiration date continually giving me less and less service. When doing date calculations for billing systems, there are 3 dates a programmer cares about: Effective Date, Expiration Date and As Of date.

A happy, amused and clearly angry bigot! That's quite an emotional range there, and this also marks another milestone as a blogger: my first truly bigoted comment.

Wednesday, November 5, 2014

For animated GIFs, I've always used an online GIF maker. These online tools tend to be extremely simple and easy to use, so most of the time I will use these simple tools to manipulate animated GIFs instead of Photoshop, which seems to require a level of complexity for even simple tasks.

This time the issue was that I needed to crop an animated GIF because it was showing a prescription bottle in the background with highly personal information on it. And it dawned on me that I didn't know how to crop a GIF that had already been animated with multiple frames. A couple times I've cropped the frames separately but that's a huge hassle, and I figured there had to be a better way.

It drove me crazy figuring this out, and here's what I did:

1. When you open an animated GIF, Photoshop CS6 shows you all the layers on the side, but you only need to crop just one layer--whatever layer it happens to land you on is fine. When you go to Image -> Crop then it will crop all layers. Originally I had done Select -> All Layers but that turned out to be unnecessary, and I went back and tested it again. So all you need to do is crop one of the layers, and you will see all the layers on the side bar change size.

2. Now go to File -> Save for Web and you will get a window giving you access to all the settings for the GIF you're about to save. Then press the OK button, choose a file name and you're all set.

Saturday, November 1, 2014

I saw an article of the same name today but I didn't read it. With most of the mainstream medial spewing nothing but FUD (fear, uncertainty, doubt) these days, it's hard to separate the real uncertainty and doubt from what they play up to get more ad impressions and sell more clicks.

The answer is that your photos are as safe as a company like Apple can make them and still be able to hand them over to anyone with an official looking piece of paper, which is a long list. These are the so-called "back-doors" which can be and are used by Apple whenever it so desires. Many people agree with this process, as more often than not, that data is compromised to catch the bad guys.

My only problem with the equivalent of giving the banks keys to my house is that I understand completely that the bank doesn't give a single shit about me, and it would be in its best interest to have the keys to my house, where it wouldn't really be in my best interest at all. I doubt anyone these days is naive enough to think that a company like Apple is doing anything but putting itself first when it has the keys to your data.

Also, a back door is essentially a weakening of your encryption and goes against the whole paradigm of encryption in the first place, which is to guarantee that the owner, and only the owner can get to the data. Every key to your house (and your data) is one more key that can fall into the wrong hands. Every intentional weakness put in to help the good guys can just as easily be exploited by the bad guys. That's what a weakness is. And making any weakness intentional is incompatible with the whole concept of encryption.

So the ultimate answer to how safe your data is, goes something like this: Your photos and other data are not safe in the cloud. Or put another way: your data is about as safe as Apple is caring. Unless you are encrypting the data yourself outside of and completely separated from the cloud (which you probably aren't) and doing it correctly (which is doubtful,) then it's best to just assume that anybody who wants your data already has it. This is the grim reality of privacy today.

In fact, that's what's truly protecting your data. Programmers call this "security through obscurity" and it's the only thing keeping your data safe most of the time: the fact that probably nobody wants it. Nobody has hacked my photos and plastered them on the web. But just for the record, my left side is the good side.

Of course you could always encrypt all your important data like photos yourself, and that way anything in the cloud with your name on it is already encrypted by you personally with only one key. That way anyone who is able to strip Apple's encryption from your data is going to run face first into your encryption, but where would be the fun in that...

Thursday, October 30, 2014

This call is being recorded for training and quality assurance. I don't think a single soul buys that line of BS, but yet we all put up with it. Your call is being recorded to use against you if some sort of conflict ever arises. And if in the course of that conflict, the recording shows any impropriety by that company, you can bet it will come up missing. They will be really sorry it's missing, and the excuse will seem plausible.

Have you ever tried recording one of those companies who says they are recording you? I have. The first thing they will tell you is that you don't have their permission to record them. Yep, the same person who just glibly informed you that this call is being recorded will express righteous indignation that you are recording them.

But of course you don't need anyone's permission most of the time, just disclosure. The recording was hilarious, too.

"You don't have my permission to record this conversation."
"No one is forcing you to stay on the phone, and no one is forcing you to talk."
"You need to stop recording me."
"You are free to stop talking at any time."

Eventually it got boring and she did hang up, but I got to thinking about the complete disparity of it. These same people who care so much about their own quality assurance, don't seem to have any regard for mine, even though I spend half an hour listening to their recording tell me how much they value my business...

Sunday, October 19, 2014

I'm not greedy. I don't want the whole solar system. Just a planet. Just Saturn. Earth is pretty much played out. The rings of Saturn are really cool looking, and I like how everything on the planet looks like it kind of just blends together. Seems like it would be a really great planet if people got to know it socially.

Which is why today I announce my ownership of the Planet Saturn for the whole universe to see. The Internet has a very long memory, so I'm entirely confident that some day the field of planetary law will evolve to the point where my legitimate claim will be recognized. Society will look back, and they will see that I was the first person to claim it. Sure, there are plenty of Saturn owners out there, but they own cars, where I own the actual Planet. Trust me, I Googled it.

So in case this isn't painfully clear, I call DIBS! on the planet Saturn. It's mine now. And I'm getting grumpy in my old age, so I'm going to ask that you kindly get the hell off my planet. And take your probes with you.

Monday, October 13, 2014

Most of my domains have been purchased through Google back when they gave you that option, so it wasn't necessary for me to tell the search engines that my new domain exists. Not to mention the fact that if you do everything right, the search engines will come to you.

I didn't think much of the emails that I assumed were from my domain provider, asking me not to skip the important step of registering my new domain with the major search engines. There was one domain I wasn't sure what I wanted to do with, so I figured in this one case, why not raise my hand and tell Google my site exists while I'm still deciding what will exist there.

So I clicked on this email with a subject of "Website Assistance" figuring that it came from GoDaddy or one of its affiliates. But I'm not so sure that it did. I wouldn't put it past GoDaddy to try to charge me an exorbitant price for something I can get for free, but my reasoning is that they would try to sell me that stuff at checkout, and not send me a generic looking email after the fact.

Like I said, it's debatable and probably situational that you would even even need to tell the major search engines that you exist. And in that case, it's a service these search engines offer completely free. So I was more than a little shocked that it wanted almost 100 dollars to provide me this service.

You can see the name of the company from the email below. I don't want to link to them or spell out their name, because that would increase their search rankings. Personally I consider it a scam to sell you something you could get for free with a few minutes of your time. They're not even really saving you any time, as there are lots of services that will submit your domains for free in one shot. And of course you're paying for something that many would argue you don't even need, since if you can't get one search-engine-visible site to link to your site, then you are doing something terribly wrong.

Pressing the Register button takes me to a screen where I put in my name and the domain name I want to submit. Sweet, I'm almost there! And then it tells me that I have a coupon code, and below the code it says "Congratulations, you have our highest valued coupon!" Wait, coupon? Oh well, maybe it's reasonable.

Whoa, they took 300 big ones off the price. That's just too amazing to pass up ... or not.

So is it technically a scam? I'll let the readers decide. It sure has some glaring red flags in the way they operate in my opinion. It seems like they are preying on brand new web site owners who are in over their heads and don't understand anything about search engines or SEO (search engine optimization).

You can also see the domain I registered above, which I didn't blur out. I think I'm ready to make some high quality privacy tools and maybe even release them as open source, since it's hard to tell which companies to trust with your data, especially when it comes to encryption. So I bought this domain and I haven't decided how it fits into my plans and there's not much of a reason for me to link to it from my other sites. And so in the mean time I guess it's OK that Google sees it, even if there isn't much to see, and that's why I manually registered it with Google instead of linking to it.

Also, anyone interested could quickly do their own search engine submission if necessary, and some are completely free. This service isn't personally worth $397 to me, even with a $300 coupon, but if it is to you, then more power to you. And if you have that little regard for your money, there are always organizations like UNICEF which could probably put it to better use.

Search Engine Visibility

The best way to gain visibility and increase your ranking with the big search engines is by having other sites link to your site. It's that simple. And it's not called the 'world wide web' for nothing. When a site that's visible to search engines links to another site, the search engines crawl that link too, and in this manner they see most of the web.

Now, Google uses their own secret voodoo to determine a site's ranking, but most of a domain's search ranking seems to come from a) how many visible sites are linking to your site and b) what their search rankings are. So for example if you created 10 new domains and linked them all to each other, none would be visible to search engines and none would have very good ranking. Now, in this scenario all you would have to do is make one site visible to search engines and they would find your other 9 on their own!

The best way I have found to start from nothing with the the search engines is to make intelligent comments on blogs that relate to your new web site's subject matter. Most blogs have a field to put in your web site URL when you leave a comment, and search engines see this as a legitimate link. This not only makes you suddenly visible to every major search engine, but it also gives you a boost in ranking depending on the ranking of the blog you made a comment on. But be careful. The big blogs understand the power they hold, and may/will delete any comments they deem too self-serving or whatever their policy is. So make sure it's a legit comment, because "Hey, I loved your article and think you're awesome" only works on me.

Saturday, September 13, 2014

There's a dizzying array of Bluetooth headphones available today. They're pretty much all made in China, even the high end ones. They all have similar features, similar specs and they all make similar claims. It's very hard to tell them apart, and the only thing that makes it a little easier is all of the reviews. But they seem to universally get mediocre reviews. This particular model, the Alpatronix HX100 only gets 4 stars on Amazon. I did have a pair of MEElectronics which gets 4.5 stars at least, but they were a little small for me and the wife claimed them before I could do a review.

Product Description

Price: about $40 online

The HX100 are budget Bluetooth 2.0 headphones with the standard audio controls and a built-in microphone for voice calls.

Official Specs (From Amazon)

Overview: Functions both as audio streaming headphones as well as a hands-free telephone communication device. This headset allows the user to perform most of the audio functions related to tablets and smartphones. Functionality may vary with Windows notebooks and desktops.

Functions: Easily pairs with your device for first time. Then it can automatically detect the device and pair in less than a few seconds. Integrated playback controls - play/pause, answer/hang up (hands-free function), skip forward/back, volume up/down, and built-in microphone directly on the headset.

Sound Quality & Battery Life: Covers high, low, and middle ranges well without too much emphasis on either end. The battery can last up to 4-5 hours of continuous playback or talk time, and the device can be charged in about an hour and ready to go.

Initial Impressions

These Alpatronix headphones came simply packaged with just a charging cable and the usual awkward instruction manual. The first thing I noticed is that it had a non-standard charging cable instead of the usual mini or micro USB charging solutions I would have expected. But it's the same cable as the little 7 inch tablet I use for reading, so I was already packing that cord on road trips, so it's not one more thing to carry.

Mine came with enough charge to test with, so I paired them up to my PC which has a Bluetooth USB dongle, and my play list I was listening to switched from the speakers over to the headphones just as I hoped/expected they would.

Build Quality

These headphones seem fairly well built. The fit and finish are even above average. The plastic pieces where the ear cups rotate look to be a little flimsy, but I am abusive towards all my gear and no problems so far. The buttons seem a little cheap as mentioned in one of the Amazon reviews, but every pair of Bluetooth headphones I own have cheap-looking buttons on them.

Overall I am satisfied with the quality for the 40 bucks I paid for these.

Pairing

My thought on Bluetooth devices is that if you need to read the instruction manual to pair your device, then you bought the wrong device. As expected, holding the power button down for a few seconds powers the unit on, with a flashing green light. Leaving the button pressed down past that point for a couple seconds more puts the unit into pairing mode, as indicated by alternating green and red blinking.

I've paired this unit with a PC and several other devices such as Android tables and phones, all with no issues. The device shows as "HX100" on everything I pair it to.

Fit

The fit on my largish head is acceptable. They are a little on the tight side but other than that are pretty comfortable. The foam could be a little thicker but it's OK. The headphones feature a left and right length adjustment which seems to be a good design. It also has a good feel adjusting them--it doesn't feel like I'm going to break the headphones by adjusting them, like some other models I have looked it.

Sound

The sound quality is pretty decent considering the price. It has some pretty good volume, too. Having donated most of my hearing to a dozen or so heavy metal concerts in the 80's, I can still turn them up high enough to hurt my ears.

Low and mid frequencies are pretty good. Most people only seem to care about the bass, and those people won't be disappointed. Highs are a different story, and I have yet to mess with the graphic equalizer on my devices to get these headphones to sound like I want.

All things considered, these headphones have a rich sound that is completely acceptable.

Range

The HX100 utilizes the Bluetooth 2.0 specification which allows for extended range supposedly up to 30 feet. What I've noticed is that the range is affected both by the headphones and the device they are paired to, but I seem to always get about 30 feet of them, more or less--it's kind of situational.

User Interface

The user interface on the HX100 is actually pretty decent. One the left ear is play/pause in the center with the track buttons on either side. On the right ear is the power button in the center with volume controls on either side.

When you start playing music, it will start at low volume for a couple seconds before it goes to full volume, so you have a little bit of time to prepare to get blasted or reduce the volume.

Voice Calls

In the words of the late Tony Soprano, fuggetaboutit. The few times I tried to use this unit for voice calls, the folks I were calling kept saying "can you speak up?" and "what's wrong with your phone?" and so forth. The microphone just isn't sensitive enough for people to hear you, though you can hear them just fine.

The ability to make voice calls isn't why I purchased these headphones, but it would be nice if it worked right, since the manufacturer claims it works and all. In fact, I don't think I have a pair of Bluetooth headphones that work properly for voice calls. I have a small ear bud for voice calls, but I have to switch to it if the phone rings while I am listening to music.

Usability

For daily use, I'm satisfied with these headphones and their performance. Sound is decent, range is decent, and they only become uncomfortable to wear after a couple solid hours of use. They connect quickly and the controls are responsive. Once in a while I catch a reflection of the green blinking light, which is a little annoying. I wish the LED was positioned a differently or turned off with the headphones in use.

Battery life seems decent, and so far I have not managed to run the battery dead, even with using them several times between each charging session.

Conclusions

The HX100 is a passable set of Bluetooth headphones, which I find myself using often. My other sets of wireless headphones all seem to like to randomly cut out or disconnect completely, and these headphones do not have that problem. It would be nice if they had slightly better sound but I also look at other factors such as range and ease of connectivity, so all things considered, I am happy with my purchase and would recommend this model.

Sunday, July 20, 2014

There's a growing movement not only to take away your privacy, but to convince you that taking your privacy away is no big deal. You've probably heard some of the arguments, like "why do you need privacy if you have nothing to hide?" and so forth.

First, look at who is saying these things and notice that they have a vested interest in trashing your privacy, whether it's governments or corporations. Both want to erode your privacy for different reasons but the net effect is the same. So are their rationalizations. It all boils down to hollow rationalizations: It's to improve your shopping experience! It's to catch terrorists and pedophiles! Think of the children!

But it's all BS. There's no evidence that bulk data collection or corporations aggregating data on you has done anything but trample your rights in the name of some cause, or worse, in the name of profit.

I am here to tell you that everyone deserves privacy. It's even built into the Fourth Amendment, which guarantees us the right against unreasonable search and seizure. The next time someone gives you that line about "if you have nothing to hide", hand them a slip of paper and ask them to write down their personal banking information. Yeah, I thought so. Everyone has something to hide, and everyone has something to lose when their privacy is trampled on.

You deserve privacy. The fact that bad people use technology to do bad things has nothing to do with you, the law abiding citizen. And the fact that taking away everyone's privacy could make it a little easier to catch those bad people also has nothing to do with you. The Constitution does not say "unless terrorism" or "unless quarterly results".

It's time for all of us to collectively reject the notion that if you want privacy, you must be a terrorist or pedophile. The more people who don't reject that philosophy, the easier it gets for the masses to believe the socially engineered lie--the lie that we do not deserve privacy.

Saturday, July 19, 2014

In the course of creating an e-commerce site for my outdoor blog, I noticed something really strange. Only a few minutes after setting up my Drupal Commerce Kickstart software, users started registering. Which is strange because the new domain does not point to the server yet. The spam bots must be connecting straight to my IP address.

I do have my outdoor forums pointed to the server, so maybe it's the same spammers that normally attack and try to spam my forums. Maybe those robot spam toolkits have the ability to register with e-commerce sites as well as Internet forums and blog comment pages.

It seems really sophisticated but I'm not sure what an attacker has to gain by registering for an e-commerce site. Either way it's clear that I will have challenges running an Internet store that I never considered.

Thursday, July 10, 2014

Having a VPN (virtual private network) service is one of the few things you can do to actually increase your privacy. While it won't shield your activities from people and governments with massive resources, like some TLA (three letter agencies), for the most part it is a very effective privacy tool.

Over the last few years I have used a few different services, I have noticed that most of the ones that offer month-to-month billing have a flaw in their systems that they have no desire to fix. The subscription-based services which auto-bill you every month for the most part don't have this problem, but I'm not one to trust a company until I have some experience with them, so I always start month-to-month on these services.

Example

Let's say that I pay on 1/1 for a full month, which gives me a period of service from 1/1 to 2/1. But on 1/20 the service starts spamming my email, informing me that my month is about to expire. So I pay the service on 1/20 and think everything is fine and I'm good until 3/1, right? Wrong. Now on 2/10 I'm getting those spam emails, telling me my service is about to expire on 2/20. Where did those 10 days go?

The answer is they took those 10 days of service from you. If you call or email to complain, chances are they will credit your account those 10 days. But they won't fix the problem, and next month you'll be in the same boat. What's worse, if you don't say anything or don't notice it, they will happily keep shorting you service. Once company refused to credit me the difference so I was forced to file a PayPal claim.

I can hear someone saying "just let it expire before you pay it again" but nope, most of these services charge you a late fee if you let it expire first.

Solutions?

1. Use a subscription-based VPN service that auto-bills you every month and keep an eye on them.

2. Use a VPN service that doesn't charge you a late fee if you let your service expire.

3. Use a VPN service that lets you pay in advance but defer the activation until after it expires.

Conclusions

I've been writing this type of computer billing code for insurance companies for decades, and it's not rocket science. The logic to bill and adjust for money by date is very straightforward. No, the real reason these companies do it is because they can. They assume right off the bat that you are doing something shady by using their service, so you will not complain too loudly. So they have no incentive or reason to fix the problem, which probably makes them a lot of money.

For this article I will not shame the bad services I have run across, because they almost seem to be universally bad. What I will say is that my current VPN service BolehVPN allows me to wait until my service expires to re-up with another payment. They also let you defer the activation of your payment for up to 60 days, so I can pay for it when it expires, and then just activate the next billing period when I'm ready.

There are a whole lot of folks out there who have a personal or profitable interest in shaming you into believing that you are not worthy of privacy. You must be hiding something, right? We're all hiding something. I doubt anyone has their banking site passwords taped to their front door. You deserve privacy, and the folks who have a vested interest in profiting from it or taking it away will do everything they can to make you feel like a second class citizen.

The answer is to hold these shady companies accountable for screwing you over 10 days of service at a time. You are not a second class citizen. Treat them how you would treat your phone or cable company and don't cut them any slack for assuming you are too ashamed to ask for your money back!

Saturday, July 5, 2014

I've seen it happen with friends and acquaintances. They are working on a novel, or a big presentation or something big, and then suddenly their computer craps out. Now, these people all usually have one thing in common: at the time their computer crashed, they did not have a current backup. This article is for those people. Since I'm a software guy, I look at hardware with all the fascination of a toaster as long as it's working. So if your data is backed up, revert to the backups unless you have some compelling reason to recover the data.

Send it Back?

At this point you are probably thinking that since you have a brand new laptop with a 5 year warranty and all the extra coverage you can buy. That might be great for keeping your hardware working, but it won't protect your data. When you send a system back, you can definitely request that they recover the data on it. They may even charge you an extra fee to attempt to recover your precious data. They'll even sound really positive and upbeat about it. But in my experience, about 100% of the time they will make no attempt and just apologize that they were unable to recover it. I've seen it happen too many times in my career with too many people, most of the time knowing the data was recoverable. The irony here is that most of the time when you ask them to recover data, they just assume you are saying the hard drive is bad and they give you a new one, which obviously doesn't have any of your data on it. So when you get it back, it's too late to run any kind of data recovery software because your data is somewhere else.

Equipment Check

Philips Screwdriver: Before you start, you are going to need a couple things: a good Philips Screwdriver to start with. Lately I like the Wiha brand. You get what you pay for, but either way most people can dig up a Philips screwdriver. Note for a laptop that it will be a much smaller Philips like a #0.

Flathead Screwdriver: Sometimes you may need a flat head screwdriver or the flat of a pocket knife blade to lift a laptop drive enough to slide out.

USB Adapter: There is a special type of cable adapter which turns a bare hard drive (laptop and desktop) into an external USB drive. You are probably already familiar with external USB storage devices like those little flash drives and portable hard drives. If not, then maybe you are out of your element here. With this cable, you can turn any bare drive into an external USB drive you can then plug into any computer or device capable of reading a USB storage device. This means you can even recover your data from a smart phone or tablet!

As an alternative to the adapter, you can also get a docking station that sits on your desk and lets you drop in any bare desktop or laptop hard drive. It's a neat device, but unless you handle a lot of bare hard drives, you probably don't want it sitting on your desk.

Do It Yourself

Your valuable data resides usually in a single place on your computer: the hard drive. These days that drive can even be solid state and you may have an SSD drive with no moving parts. Both are functionally the same: small boxes inside your computer which store your data. If your computer stops working, your hard drive may still be fully functional. This article will assume that your computer has failed but left the hard drive intact, which is usually (but not always) the case.

If your hard drive turns out to be damaged, you still have a few options, but this discussion is beyond the scope of this article and may be addressed in future posts.

IDE or SATA?

The two main types of drives you will find in most computers are IDE and SATA. I won't bore you with details, but suffice it to say that SATA is newer and faster and will usually be found on any system newer than 2004-ish. For the purposes of this article, it really doesn't matter which, because hopefully you will buy the adapter that does both.

You can still find this older style IDE-only adapter below for cheap. I use it for old laptop drives and have long since lost the power supply it came with.

I've had this kit below for several years and will pretty much read any drive.

Below is a bare IDE laptop drive from an older laptop I chucked in the trash.

Below is a desktop SATA drive. You can tell a SATA drive by the small cables.

Below is an older IDE drive, which you can tell by the big ribbon style cable.

Pull the Hard Drive

So now you have the proper equipment and you know what you are in for. Let's get the hard drive out.

The only thing resembling a difficult part of this task is pulling the hard drive from your computer. This may be daunting to some folks who have never done it, but keep in mind that all modern desktop and laptop computers are designed so that components like the hard drive are easily accessible. This is not the case for smaller devices such as tablets and phones, but for actual computers, the hard drive is almost always going to be easy to get to with just a screwdriver.

Desktop: I'ts usually much easier to pull a drive from a desktop computer. As you are looking at the computer from the front, you will want to remove the left panel. Now look at that panel from the back of the computer and it will usually be held on by 1 to 3 Philips screws. One of those screws might be a thumb screw you can take off with just your fingers, and in some cases it's just one thumb screw holding that left panel on. Either way, take off whatever screws are there and try to slide the panel toward the back. Since there's so many different brands of computers, the panel could be different: it could swing out or fold up or there may not be a separate panel.

With the inside of the case accessible, you should see some sort of "cage" or mounting bracket with a hard drive in it. If it's a newer SATA drive, it will have two little cables coming out: a power cable and a data cable. Very carefully remove both these cables to start with. If it's an older style IDE drive, it will have a much larger ribbon cable and an older style power connector. Same concept: very carefully disconnect the drive.

Now the only left is to physically dismount the drive. The problem is that some manufacturers have wonky rail mounting and other ways to make it easy to remove the drive, and they are all different. Most of the time the drive will be mounted with 2-4 Philips screws, and in some cases you will need to remove the right panel to get to those mounting screws. Some manufacturers will mount the drive in such a way to remove it without taking both panels off. What you need to do is spend a few minutes just looking at it and most of the time it will be obvious how to remove the drive. Keep in mind that this is not rocket science, and most computer repair technicians are not who I would characterize as rocket scientists. So bear in mind when you are looking at the mounting, that it's designed for a kid at McDonald's to easily remove it--don't over-think it.

Laptop: It seems like every laptop is slightly different, but functionally the same. You take off a back panel which exposes the hard drive and you unmount it. Once the drive is exposed, you will usually only find one or two screws securing it. From that point, on most laptops, the drive will just slide out of its little dock and then pop out of the case. Be very careful with any connectors because they are usually much more fragile on laptops.

Below is a photo of my wife's HP Pavilion laptop, with the hard drive circled. To take the hard drive out of her laptop, there's just one screw holding the sliding back panel. Once the panel is off, the drive comes out easily.

Recover The Data

Getting the bare drive out is the hard part. Once you have it in your hands, you can now recover the data by hooking it up to an adapter. For some configurations like the IDE laptop drive below, you don't need the power supply that comes with the adapter since it gets its power from the USB port. Larger desktop drives will need the power supply plugged in.

The setup below is like a geeky portable drive. It's only 80GB but that's still lots of photos.

Once you have the adapter plugged in, your setup acts just like any USB storage device. You can copy data from the drive, format it--do whatever you want. At this point you should consider buying a proper portable drive to backup your data. I like the smaller ones that have a laptop drive inside because they don't need a separate power supply to lug around, though they are usually not as fast as their bulkier desktop cousins.

Conclusions

I know people who carry old computers from city to city, year after year because it has some old photos or documents on them and they still haven't gotten around to doing anything with it, and their procrastination doesn't allow them to just send it to me. Usually I have the drive out in a minute or two and copying data to something easy to access, like a drop box account. It's normally very painless to get your photos from a dead system. Usually it's some high failure component like the computer's power supply, motherboard or CPU. Every once in a while the hard drive itself fails and at that point you're pretty much screwed for easy recovery. There are data recovery shops out there which can pretty much work miracles when it comes to recovering your data from a damaged drive, or even a piece of a drive platter.

But most of the time, the drive can be dismounted and your files copied just like any other storage device. You can even buy a portable laptop or desktop sized enclosure and turn your orphaned drive into a proper external storage device!

Saturday, June 28, 2014

Someone was asking this on an Internet forum I frequent and I was re-reading it, I realized that my reply actually made sense, so I decided to share it to a wider audience in case anyone else finds it useful.
Formatting the drive doesn’t necessarily mean that the data is gone. And a quick format most definitely does not erase the data. Also, deleting the partition does not remove any data.

If you want to know for sure it’s gone, use a third party utility that actually erases the drive byte-by-byte, sector-by-sector. Some apps will even overwrite each byte several times with a different “pattern” value, because in some cases it might be possible to recover data even after it’s properly erased.

A good clue on how effective your erasure is by how long it takes. To erase a drive, a software application has to write every sector on the drive, and to do that takes a long time on large capacity drives because there’s just so many dang sectors. It should take about as long to erase a drive as it does to fill it with data. Anything where you press a button and it says “done” a minute later is only overwriting a few sectors—the data could still be recovered.

Think of the partition and directory information as maps to your data. If you delete the maps, the drive appears to the operating system to be empty, and that’s good enough most of the time. The drive functions the same. As you put data on the drive, the “maps” are rebuilt for your new data, and the old data is overwritten one file at a time.

Which also means 10 years after you format it, some data from the old format could still be there. The recovery tools and procedures are very sophisticated. It may not be what you want to hear, but if you even have a little sensitive or private data on there, I wouldn’t part with it other than to toss it or destroy it.

In the old days (80’s and early 90’s), formatting the drive erased it completely. It pretty much had to because hard drives weren’t as reliable and the format had to check for bad sectors and take them out of the pool. But as time went by, drives became larger and more robust, and nobody wanted to wait 2 hours for the drive to format. And now it’s probably the least of your privacy concerns. Your private data is more likely to be scraped off your Internet connection than your physical drive.

The best way to keep your data private is to encrypt the whole damn drive with something open source like TrueCrypt. Once the power goes of and the drive un-mounts, the thing is a brick without the password. Make sure to use older versions of the software as it’s probably been compromised as of a few weeks ago by some TLA (three letter agency) but the older versions should be fine.

It’s a hassle typing your password for every drive every time your system reboots, but once the power goes off, you know it’s secure. Of course there’s lots of ways to compel people to cough up the password

Tuesday, June 24, 2014

Recently I got this Opus BT-C3100 "analyzing" charger. This charger can test the actual capacity of a wide range of rechargeable battery chemistries, including NiCD, NiMH and Li-ion chemistries. For the most part the bigger name batteries deliver at least the capacity they promise, but it's good to keep them honest. There are also off-brands which can perform as good or better than their big name counterparts, or fall horribly short.

This post will be updated as I test more batteries.

Product

Chemistry

Stated

Actual

# Samples

Low

High

DLG 14500 Flat Top

Li-ion

750

751

4

734

759

Eneloop XX AA

NiMH

2500

2480

4

2455

2496

eFest 16340 IMR

Li-ion

550

577

4

555

594

AW RCR123A

Li-ion

750

559

4

556

565

Olight 14500

Li-ion

750

801

4

788

821

Sanyo UR14500P 14500

Li-ion

840

819

4

808

825

Ultrafire AA NiMH

NiMH

3500

408

4

373

431

NOTES:

AW is supposed to be the best money can buy, so it's a little disappointed to see the test results of the first batch of batteries I bought.

Normally I don't buy Ultrafire batteries, which are considered to be crap. But they do make a few decent models, and this battery had over 400 reviews with 5 stars! They must have been switched out to fakes at some point.

Gallery

Tuesday, June 10, 2014

Behold, the future of the Internet without Net Neutrality. We are very close to this being a reality. The problem of course is 'regulatory capture' where an industry under regulation provides a career path for folks in charge of overseeing regulations for that industry.

Simply put, the policy makers in charge if Net Neutrality are ex-lobbyists with a vested interest in seeing it fail and will be hired again as lobbyists the day they leave office.

Tuesday, June 3, 2014

Finally I think they took me off of their call list. I had a very interesting exchange with the same gentleman who, uh, claimed on a previous call that he had relations with my mother. It didn't sound like he remembered me, but I remembered him. I am typing this from memory, but our exchange went something like this:

(Recording) "Hi, this is Rachael from account services. There is no problem, and your account is in good standing, so we are calling to offer you a lower interest rate. Press #1 to speak with us about this limited time offer."

(presses 1)

"Hello, this is account services, did you press 1 for a lower interest rate?"

"Hi, this is account services, right?"

"Yes sir!"

"And my account is in good standing, right?"

"Sir, I don't know what you're talking about. We work with many different companies to find you the best rate."

"But your recording said that my account was in good standing."

"Sir, you are wrong."

"Do you think I forgot what the recording said when I just heard it a few seconds ago?"

"And yet, you pressed 1"

"Yes I did."

"Why is that? Why did you press 1?"

"Because you are scammers, and I figure every minute I waste is one less minute you have to talk to someone more vulnerable."

"That's stupid because we'll just keep calling you 3 or 4 times a day."

"With your spoofed caller ID."

"Right."

"Just like you have been for the last several weeks."

"And you keep pressing 1?"

"Yes sir. I have wasted quite a bit of your time."

He said something snarky and I said "Talk to you tomorrow, scammer a**hole." and hung up. It's been a couple weeks since and they haven't called back. If they do, I've been thinking over a few scenarios where I can maybe even reverse scam them. I read somewhere that there was a small group of people who managed to scam one of those Nigerian scams out of something like 10 bucks.

Saturday, May 31, 2014

The development team for the popular encryption application TrueCrypt gave users a scare, and quite a bit of fodder for conspiracy theorists the other day when out of the blue they announced that "TrueCrypt is not secure" and abruptly halted all development. A new, decrypt-only version of the product was then released so that users could migrate away from it. The Internet promptly erupted with all manner of hypotheses and far-fetched theories to try to explain the sudden shutdown of one of the few privacy tools actually trusted by the community.

Even more bizzare, and possibly more telling, was the suggestion by the developers for current users of the software to migrate to Windows BitLocker, even though it's widely considered insecure, and even though most users of TrueCrypt are probably running Linux.

What We Know

Here are the facts as I understand them:

1. TrueCrypt issues a statement out of the blue:

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

2. The statement was digitally signed with their valid private key.

3. Their key changed shortly after the statement.

4. A new, decrypt-only version of TrueCrypt was released.

5. The developers have not commented on the statement and have been silent thus far.

Theories Abound

Was this a hidden message--a so-called "canary" signal that they were under scrutiny or a gag order from a certain TLA (three letter agency)? Most die-hard nerds found the suggestion to be ludicrous. There have been rumors about Microsoft having a back door in their encryption ever since they released it; long before Snowden put the hurt on the NSA. No nerd in his right mind would recommend a closed source, single platform privacy tool over a highly regarded open source, multi-platform solution.

Or is this an indication that the development of TrueCrypt has already succumbed to some secret government demand and handed over the keys to the kingdom, allowing this TLA to undermine and shutdown what's probably been a thorn in their side. Tools like this run contrary to the surveillance state.

Maybe it was a hybrid of the two theories above: faced with a secret order to undermine or subvert their work, did they kill it rather than hand over control?

Or is it a legitimate statement, and the development team feels that their work is either insecure or has already been compromised, and they truly feel that all existing users should flock to a Windows solution and not an alternative, open source product?

Whatever the answer is, this whole thing is fishy, and the developers aren't talking, which is yet another red flag. Since TrueCrypt was probably the most trusted privacy app along with PGP, and BitLocker is probably the least trusted, my conspiracy theory is that some TLA probably found a way to shutdown one of the best and most effective privacy tools ever invented, and the development team either sent a signal with their bizarre statement, or the tone-deaf, bureaucratic entity that shut it down ineptly issued the statement itself. The developers could make all these theories go away pretty quickly if they wanted to, but they have been silent on the matter. It should be noted that their statement was signed with their valid private encryption key, and that the key suddenly changed shortly after the statement was issued.

The Way Forward

Is TrueCrypt a perfect tool which has given us perfect privacy from day one? Very doubtful. Yet another twist in the story is that TrueCrypt was right in the middle of a security audit when it shutdown. Luckily, that audit still continues. And I believe the product has already been "forked", meaning that someone has taken a snapshot of the open source code and created their own development path on it.

So regardless of what the actual facts are, TrueCrypt has always been open source, which means development (and scrutiny) of it will never go away as long as someone cares enough to maintain it, and it looks like plenty of people are stepping up.

Should we immediately discontinue use of older versions? That would be a bit premature I think. Certainly I wouldn't trust any future versions of the product. My plan is to keep using it until the forked replacement comes along, which will have even more scrutiny on the code and hopefully a completed, open security audit

It is possible to subvert open source. A trusted, skilled and determined coder could slip in what looks like a valid bug fix which is really a bug in disguise, and subsequent code reviews might even miss it. And that's not even counting the fact that encryption uses a lot of mathematical voodoo that even most software developers don't completely understand.

But like it or not, open source encryption, perfect or not, is the best privacy we are probably ever going to get.

Sunday, April 13, 2014

My wife has always referred to it as the "man purse" but that wasn't the reason I didn't use it. The Maxpedition Rat Wallet is durable and awesome looking, but it's just wasn't that functional for any use case I had in mind for it ... until now. I noticed a while back that my solar USB charger fit perfectly in one of the compartments, but it seemed a waste to use it just to carry one thing. Then it dawned on me that my Ruinovo Battery Pack which had killed about $500 worth of stuff with it's sleek aluminum edges would fit in the Rat. Not only did the battery pack fit the Rat's cell phone pocket perfectly, but it left the Android charging port of it open. Now I can use that battery pack without removing it from the Rat!

I put the Ruinovo in there just to get it somewhere where it wasn't scratching everything I own. Then one day I noticed I could see the Apple port and then thought what a shame that it didn't show the Android port. Then my slow-working brain figured out that hey, I could turn the battery pack around. I still have to push the button through the elastic to start it charging, but that's even a benefit because the button won't get accidentally bumped when it's in the Rat.

The Rat also fits my solar USB battery pack/charger and various cables, too.

Even better, the Rat attaches to the outside of my SwissGear laptop bag for easy access to my USB charging packs. It would have been genius had I actually planned it.

Wednesday, April 2, 2014

They've been calling my work number almost every day. Never the same phone number twice, in fact never the same state twice. They claim be calling from "account services" and ask me to press 1 to lower my interest rate, which then gets me on hold about a minute. I rarely get very far with them before they sniff me out for purposefully leading them on. When asked "what company are you with?" they usually reply with "this is account services" or some such mumbo jumbo.

They are pretty good about sniffing out questions that would catch them in an outright lie, and usually just hang up immediately after being asked such a question. Asking something like "are you account services from my bank?" usually gets me a hangup. One creative guy yesterday answered "no sir, your bank would never call you to save you money" which I thought was an interesting response and thanked him for his honest and creative reply before I pressed the hangup button.

At any rate, if the name of your company is "account services" and you routinely spoof your caller ID to mask your true whereabouts, then there is a special circle of hell reserved just for you. It makes me wonder how many vulnerable people like the elderly they are preying upon. I try to do my part by keeping them on the phone as long as possible.

Tuesday, March 18, 2014

I have this game where I try to keep phone scammers on the line as long as possible. I consider my time valuable, but I figure if enough people string them along and waste their time, then there will be less time for them to scam people who are more vulnerable.

Lately though it seems like they are catching onto this technique of stringing them along. The last few times they've called me, I must have sounded too enthusiastic because they've hung up right after I say "I would LOVE to hear more about lowering my interest rates!"

My original thought was that they keep records on their system about who messes with them, but if that was the case, then they probably wouldn't call me in the first place. So they must be really good at detecting mock enthusiasm. Most people are probably skeptical, so next time I have resolved to saying something like "This isn't a scam is it? because I'm really hard to scam" or something along those lines.

Either way, these types of calls have been increasing, so while some people look at it as a big hassle, I look at it as refining my technique.

Wednesday, January 29, 2014

A decent camera is just part of the setup you need to take closeup pictures of small objects, which I do for a couple of my blogs. It's a natural progression: you start by taking whimsical photos of your objects pretty much wherever you happen to be standing, then you work on getting your photos consistently good, and then finally you end up with a light box for some or all of your photos.

Commercial light boxes aren't too expensive. If you're going to lay down $500 to $1,000 for a good camera, then $50 for a light box won't be a problem. But they don't get very good reviews, and they don't really look like they are worth the $50. What you're after is basically just diffused light on a white background.

Since we all have light sources, and we all have diffusers in the form of printer paper, I set out to cobble together my own setup before I gave in and spent the money on something off-the-shelf. Somewhere I read an article about making your own light box from a plain cardboard box, so I decided to start with that design.

Materials

Large cardboard box

Small stack of printer paper

Small roll of tape

Tools

Box cutter or pocket knife

Scisssors

Complete Setup

Camera

Tripod

Macro Filter (goes on end of lens)

Light Box

Table

Desk or standing lamps

Building the Light Box

Most of the work is in modifying the cardboard box. First, cut off all the flaps with a pocket knife. Make sure it is nice and sharp and the flaps should come off with little effort. Since I collect and blog about pocket knives, this wasn't a problem. You'll want to take the box and put it on a table or workbench with the opening facing you. This is how the box will be oriented while you take pictures with it.

Next, cut three small windows in the top and sides of the box using the same pocket knife or box cutter. The windows should be smaller than a piece of printer paper because the paper will cover the windows and act as a diffuser, giving your light box some nice, soft, light. At this point your cardboard box is done.

Now it's time to add the diffusers. Take 2 sheets of paper and tape them over the two side windows you just carved. They will just hang freely. Next, put a sheet over the top window. Using the top can be a little tricky because you either have to have the lamp standing over it or find a lamp bigger than the window so it won't try to fall through the top. Other solutions would be a small pane of glass or securely taping the paper so it could hold up a small lamp. I just used an old aquarium lamp I found from digging through the garage.

Once the diffusers are attached, break out a couple lamps and a tripod and you're ready to go!

Below is the result of the picture I was taking above. This setup is giving me professional quality results for a total cost of zero dollars.